Amid all the debate about mass surveillance and the NSA intercepting and spying on Internet traffic, do you really know how secure your server-side SSL configuration is? Qualys SSL Labs provides a very detailed analysis tool that checks almost all aspects of a web server's SSL configuration. This blog’s report is here.
SSL Labs’ overview of deploying SSL forward secrecy explains:
“In the context of mass surveillance, however, the RSA key exchange is a serious liability. Your adversaries might not have your private key today, but what they can do now is record all your encrypted traffic. Eventually, they might obtain the key in one way or another…”
To mitigate this weakness of the RSA key exchange, SSL servers can implement forward secrecy using two algorithms, “the standard Diffie-Hellman (DHE) and the adapted version for use with Elliptic Curve cryptography (ECDHE).” With these two key exchange algorithms, every SSL session key is generated, exchanged, and destroyed within a single session. Attackers who record the communications between two parties need not only to obtain the server’s private key, but also to compromise the keys of every session.
To configure forward secrecy on web servers, SSL Labs provides two example configurations, one for Nginx and one for Apache:
For Nginx:

```nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
```
For Apache:

```apache
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
```
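Both cipher strings end with a bare `RC4` entry, so a client that offers no ECDHE or DHE suite can still negotiate an RSA key exchange suite such as `RC4-SHA`, without forward secrecy. The following added example (not from the original post or from SSL Labs) counts such sessions in an access log. The nginx `log_format` named in the comment and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed nginx log format (hypothetical, not from the page):
#   log_format tls '$remote_addr $ssl_protocol $ssl_cipher "$request"';
# Only the protocols enabled in the page's config are matched.
LINE = re.compile(r'^(\S+) (TLSv1(?:\.[12])?) (\S+) ')

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1"
203.0.113.9 TLSv1.2 DHE-RSA-AES256-SHA256 "GET /feed HTTP/1.1"
198.51.100.7 TLSv1 RC4-SHA "GET / HTTP/1.1"
198.51.100.7 TLSv1 RC4-SHA "GET /style.css HTTP/1.1"
198.51.100.23 TLSv1.1 ECDHE-RSA-RC4-SHA "GET /about HTTP/1.1"
192.0.2.80 - - "GET / HTTP/1.1"
"""

def is_forward_secret(cipher):
    """OpenSSL names for TLS <= 1.2 suites put the key exchange first;
    ephemeral (EC)DH suites start with ECDHE-, DHE- or the legacy EDH-."""
    return cipher.startswith(("ECDHE-", "DHE-", "EDH-"))

def audit(log_text):
    """Count TLS requests with and without forward secrecy, and RC4 use."""
    report = {"tls": 0, "fs": 0, "rc4": 0, "no_fs": Counter()}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:  # plain HTTP or unparseable line: skip
            continue
        client, _proto, cipher = m.groups()
        report["tls"] += 1
        if "RC4" in cipher:
            report["rc4"] += 1
        if is_forward_secret(cipher):
            report["fs"] += 1
        else:
            report["no_fs"][(client, cipher)] += 1
    return report

if __name__ == "__main__":
    r = audit(SAMPLE_LOG)
    print(f"{r['fs']}/{r['tls']} TLS requests used forward secrecy, "
          f"{r['rc4']} used RC4")
    for (client, cipher), n in r["no_fs"].most_common():
        print(f"  no forward secrecy: {client} {cipher} x{n}")
```

Clients listed under "no forward secrecy" are the ones whose recorded traffic stays decryptable with the server's private key alone.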